CVE-2020-15110
MEDIUM
jupyterhub-kubespawner <0.12 - Privilege Escalation
Title source: llm
Description
In jupyterhub-kubespawner before 0.12, users with certain usernames can craft particular server names that grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
Patch, Third Party Advisory x_refsource_confirm
https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
Scores
CVSS v3
6.8
EPSS
0.0022
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (2)
jupyterhub/kubespawner
< 0.12
pypi/jupyterhub-kubespawner
0 - 0.12.0 (PyPI)
Published
Jul 17, 2020
Tracked Since
Feb 18, 2026